2026-02-05 · Authensor

How to Limit AI Agent API Calls Per Hour

SafeClaw by Authensor lets you set per-hour rate limits on any action an AI agent performs, including outbound API calls, shell commands, and file operations. Define a maximum call count in your policy file, and SafeClaw enforces it automatically — once the limit is hit, all further requests are denied until the window resets. Install with npx @authensor/safeclaw and prevent runaway API costs immediately.

Why Rate Limiting Matters

AI agents operating autonomously can enter loops, retry failed requests indefinitely, or simply work faster than expected — burning through API quotas and racking up costs. An agent making 10,000 API calls per hour to a paid service can cost hundreds of dollars before you notice. Rate limiting is a critical cost control and abuse-prevention measure.

Step 1: Install SafeClaw

npx @authensor/safeclaw

Works with Claude, OpenAI, LangChain, and every major agent framework. Zero dependencies, MIT licensed.

Step 2: Set a Global Rate Limit

# safeclaw.policy.yaml
rate_limits:
  - action: "*"
    max_per_hour: 500
    reason: "Global rate limit: max 500 actions per hour"

This caps the total number of actions (file reads, shell commands, network requests, everything) at 500 per hour. If the agent tries action 501, it is denied.

Step 3: Set Per-Action Rate Limits

For finer control, set different limits for different action types:

rate_limits: - action: network.request max_per_hour: 100 reason: "Limit outbound API calls to 100/hour" - action: shell.execute max_per_hour: 200 reason: "Limit shell commands to 200/hour" - action: file.write max_per_hour: 50 reason: "Limit file writes to 50/hour"

- action: file.read max_per_hour: 300 reason: "Limit file reads to 300/hour"

Step 4: Limit Specific API Endpoints

If your agent calls specific APIs, you can rate-limit by destination:

rate_limits: - action: network.request destination: "api.openai.com" max_per_hour: 60 reason: "Limit OpenAI API calls to 60/hour (1 per minute average)" - action: network.request destination: "api.stripe.com" max_per_hour: 20 reason: "Limit Stripe API calls to 20/hour"

- action: network.request destination: "*.amazonaws.com" max_per_hour: 50 reason: "Limit AWS API calls to 50/hour"

Step 5: Set Burst Controls

Rate limits alone allow bursty behavior — an agent could make 100 calls in the first minute and then be idle. Add burst controls for smoother distribution:

rate_limits:
  - action: network.request
    max_per_hour: 120
    max_per_minute: 5
    reason: "Max 120/hour with 5/minute burst limit"

This prevents the agent from making all 120 calls in a short burst, spreading them across the hour.

Step 6: Configure Alerts

Set up alerts when the agent approaches its limit:

rate_limits:
  - action: network.request
    max_per_hour: 100
    alert_at_percent: 80
    reason: "Alert at 80 calls, deny at 100"

When the agent hits 80% of its limit (80 calls), SafeClaw logs a warning. At 100 calls, it starts denying.

Step 7: Test and Monitor

Run simulation mode to see how your agent behaves under rate limits:

npx @authensor/safeclaw --simulate

Monitor real-time usage:

npx @authensor/safeclaw audit --rate-summary

This shows a summary of action counts per hour, making it easy to tune your limits based on actual usage patterns.

Handling Denied Requests

When a rate limit is hit, SafeClaw returns a clear denial:

[DENIED] network.request: "https://api.openai.com/v1/chat/completions"
  Rate limit exceeded: 100/100 per hour
  Resets at: 2026-02-13T15:00:00Z

The agent receives this feedback and can adapt — waiting or informing the user that it has reached its limit.

SafeClaw is open-source with 446 tests and works with both Claude and OpenAI providers. The hash-chained audit trail records every rate-limited action.

Try SafeClaw

Action-level gating for AI agents. Set it up in your browser in 60 seconds.

$ npx @authensor/safeclaw